The Cyberlaw Podcast

The Cyberlaw Podcast: The Grim Lessons of the SolarWinds Breach

By Stewart Baker
Tuesday, January 5, 2021, 12:13 PM

Episode 343 of the Cyberlaw Podcast is a long meditation on the ways in which technology is encouraging other nations to exercise soft power inside the United States. I interview Nina Jankowicz, author of How to Lose the Information War on how Russian disinformation has affected Poland, Ukraine and the rest of Eastern Europe—and the lessons, if any, those countries can offer a divided United States.

In the news, Bruce Schneier and I dig for more lessons in the rubble left behind by the SolarWinds hack. Nobody comes out looking good. Persistent engagement and defending forward only works if you’re actually, you know, engaged and defending, and Russia’s cyberspies managed (not surprisingly) to have hidden their achievement from the National Security Agency (NSA) and Cyber Command.

More and better defense is another answer (not that it’s worked for the last 40 years it’s been tried). But whatever solution we pursue, Bruce makes clear, it’s going to be expensive.

Taking a quick break from geopolitics, Michael Weiner gives us a rundown on the new charges and details (mostly redacted) in the Texas case against Google for monopolization and conspiring with competitor Facebook. The scariest thing about the case from Google’s point of view, though, may be where it’s been filed. Not Washington but Beaumont, Texas, the most notoriously pro-plaintiff, anti-corporate jurisdiction in the country.

Returning to ways in which foreign governments are using our technology against us, David Kris tells the story of the Zoom executive who used pretextual violations of terms of service to take down speech the Chinese government didn’t like, censoring American efforts to hold a Tiananmen memorial. The good news: He was indicted by the Justice Department. The bad news: I can’t help suspecting that China learned this trick from lefty ideologues in Silicon Valley.

Aaand, right on cue, it turns out that China’s been accused of using its 50-cent army to file complaints of racism and video game violence to get YouTube to demonetize Americans using the platform to criticize China’s government.

Then Bruce points us toward a deep and troubling series of Zach Dorfman articles about how effectively China is using technology to vault over US intelligence agencies in the global spying competition.

And in quick succession, David Kris explains what’s new and what’s not in Israel’s view of international law and cyberconflict.

I note that President Trump’s NDAA veto has been overridden, making the cyberczar and DHS’s CISA the biggest winners in the cyber policy arena.

Bruce and I give a lick and a promise to the FinCen proposed rule regulating cryptocurrency. We’re both inclined to think more reregulation is worth pursuing, but we agree it’s too late for this administration to get anything on the books.

David Kris notes that Twitter has been fined around $550,000 over a data breach filing that was a few days late – by the Irish data protection office, in a GDPR ruling that is a few years late.

Apple has lost its bullying copyright battle against security start-up Corellium but the real risk to Corellium may be in the as-yet unresolved claim for violation of the DMCA.

And Trump’s DHS is leaving office with new warnings about the cyber risks of Chinese technology, this time touching on backdoors in TCL smart TVs and spillage from Chinese data services.

And more.

Download Episode 343 (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.